PowerShell Script for saving logs from Domain Controller


I got a request in from one of our IT security officers who would like a copy of all Domain controller event logs to be kept for analysis. The IT security officer is particularly interested in events 4706/4707 (Domain trust records created/deleted). The IT security officer also wants to know how far back the data relates to.

Is there a PowerShell script that can be run to help acquire this information? We have a number of different domains but he has asked for two in particular.
Hariom (Exchange Experts) commented:
Please download this script and modify accordingly.

PowerShell Script Monitors Security Logs and Sends Email Alerts.
Will Szymkowski (Senior Solution Architect) commented:
Personally this should be done by using Event Subscriptions Server. See Event Subscripts Setup at the following link below...

"The IT security officer also wants to know how far back the data relates to"
The logs will only reference back before they get overwritten. Depending if you have auditing enabled your logs may get overwritten hourly due to all of the audit events in the Security Logs. It is a good idea to set the logs on EACH of the DCs to a minimum of 1GB. This is so that when you do event collections you will be able to get all of the logs depending on how often it is run against the DCs. If you are not querying the DCs often then your log size should be larger. If not, they will get overwritten.

If you are still set on collecting event log data using PowerShell then I would recommend using the Export-EventLog.ps1 script. See below link for download.
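
An added example, not part of the original answers and not the Export-EventLog.ps1 script mentioned above: a sketch that pulls events 4706/4707 from every DC in two domains and records, per DC, the oldest record still in the Security log (how far back the data goes) and the configured log size. The domain names and output folder are placeholders, and it assumes the ActiveDirectory module plus remote event log read access to each DC.

```powershell
# Added example: collect trust-change events and report Security log coverage per DC.
# Assumptions: domain names and output folder below are placeholders.
Import-Module ActiveDirectory

$Domains = 'domain1.example.com', 'domain2.example.com'   # placeholder domain names
$OutDir  = 'C:\DCLogExport'                                # placeholder output folder
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$coverage = foreach ($domain in $Domains) {
    foreach ($dc in (Get-ADDomainController -Filter * -Server $domain)) {
        $name = $dc.HostName
        try {
            # Oldest record still present = how far back this DC's data goes
            $oldest = Get-WinEvent -ComputerName $name -LogName Security `
                          -Oldest -MaxEvents 1 -ErrorAction Stop
            # Log configuration: maximum size and overwrite behaviour
            $log = Get-WinEvent -ComputerName $name -ListLog Security -ErrorAction Stop

            # 4706 = domain trust created, 4707 = domain trust removed.
            # Get-WinEvent raises an error when nothing matches, so suppress it here.
            $events = @(Get-WinEvent -ComputerName $name -FilterHashtable @{
                            LogName = 'Security'; Id = 4706, 4707
                        } -ErrorAction SilentlyContinue)

            $events | Select-Object TimeCreated, Id, MachineName, RecordId, Message |
                Export-Csv -Path (Join-Path $OutDir "$name-trust-events.csv") -NoTypeInformation

            [pscustomobject]@{
                Domain       = $domain
                DC           = $name
                OldestRecord = $oldest.TimeCreated
                MaxSizeMB    = [math]::Round($log.MaximumSizeInBytes / 1MB)
                LogMode      = $log.LogMode
                TrustEvents  = $events.Count
                Error        = $null
            }
        }
        catch {
            # Unreachable DC or access denied: record it so the gap is visible
            [pscustomobject]@{
                Domain = $domain; DC = $name; OldestRecord = $null; MaxSizeMB = $null
                LogMode = $null; TrustEvents = $null; Error = $_.Exception.Message
            }
        }
    }
}
$coverage | Export-Csv -Path (Join-Path $OutDir 'log-coverage.csv') -NoTypeInformation
$coverage | Format-Table -AutoSize
```

A DC whose OldestRecord is only hours old is already overwriting events between collections; that is the case the log-size advice above addresses.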
